International application No. PCT/GB99/02669



I. Basis of the report 

1. This report has been drawn on the basis of (substitute sheets which have been furnished to the receiving Office in
response to an invitation under Article 14 are referred to in this report as "originally filed" and are not annexed to
the report since they do not contain amendments.):

Description, pages: 1-9 as originally filed

Claims, No.: 1-20 as originally filed

Drawings, sheets: 1/1 as originally filed

2. The amendments have resulted in the cancellation of: 

□ the description, pages: 

□ the claims, Nos.: 

□ the drawings, sheets: 

3. □ This report has been established as if (some of) the amendments had not been made, since they have been
considered to go beyond the disclosure as filed (Rule 70.2(c)):

4. Additional observations, if necessary: 







INTERNATIONAL PRELIMINARY EXAMINATION REPORT



V. Reasoned statement under Article 35(2) with regard to novelty, inventive step or industrial 
applicability; citations and explanations supporting such statement 

1. Statement

Novelty (N)                      Yes: Claims 1-20 (yes)
                                 No:  Claims

Inventive step (IS)              Yes: Claims
                                 No:  Claims 1-20 (no)

Industrial applicability (IA)    Yes: Claims 1-20 (yes)
                                 No:  Claims

2. Citations and explanations 
see separate sheet 

VII. Certain defects in the international application 

The following defects in the form or contents of the international application have been noted: 
see separate sheet 

VIII. Certain observations on the international application 

The following observations on the clarity of the claims, description, and drawings or on the question whether the 
claims are fully supported by the description, are made: 

see separate sheet 
V. Reasoned statement with regard to novelty, inventive step or industrial
applicability

1. The subject-matter of Claims 1 and 11 does not involve an inventive step, and
therefore does not satisfy the criterion set forth in Article 33(3) PCT.

2. Reference is made to the following documents:

D1: US 5 355 414 A (HALE ROBERT P ET AL) 11 October 1994 (1994-10-11)
D2: EP 0 549 511 A (IBM) 30 June 1993 (1993-06-30)
D3: WO 97 46931 A (CKD SA; DAPSANCE PIERRE (FR)) 11 December 1997 (1997-12-11)
D4: WO 95 26085 A (CLARK DERECK B; INNOVONICS INC (US)) 28 September 1995 (1995-09-28)

3. Document D1, which is considered to represent the most relevant state of the art,
discloses a data processing device (and corresponding method), said data
processing device comprising a first input channel (keyboard 130 or mouse 140 in
D1) and a second input channel, and a security device (120, see column 3, lines
15-26; column 4, lines 15-17 in D1) for verifying a password from the first input
channel.

D1 is silent about how signals from the second input channel (e.g. a data
socket) are dealt with.

D2 (see in particular column 1, line 1 to column 3, line 52) discloses a security
device (security mechanism 43 in D2) which is configured to receive signals from
a first input channel (secured input device, such as keyboard 19) but not from a
second input channel (non-secured input devices), so that D2 teaches a skilled
person to configure the security device to not receive signals from the second
input channel. Therefore, the subject-matter of claims 1 and 11 is not inventive in
the light of the disclosures of D1 and D2.

4. D3 discloses a housing branched between a keyboard and a CPU, this housing
containing an electronic circuit capable of verifying access authorisation and of
modifying the connexion status between the keyboard and the CPU.

D4 discloses an encryption module for encrypting sensitive data which is 
interposed in series between a computer and a keyboard. 

Dependent Claims 2-10 and 12-20 do not appear to contain any additional 
features which, in combination with the features of any claim to which they refer, 
involve an inventive step because they are either known from the prior art D1 to 
D4 or they define features which are a matter of normal design procedure for the 
skilled person. 



VII. Certain defects in the international application 

1. Contrary to the requirements of Rule 5.1(a)(ii) PCT, the relevant background art
disclosed in the documents D1, D2, D3 and D4 is not mentioned in the
description, nor are these documents identified therein.

2. The features of the claims are not provided with reference signs placed in 
parentheses (Rule 6.2(b) PCT). 

3. The claims are not drafted in the two-part form as required by Rule 6.3(b) PCT. 



VIII. Certain observations on the international application 

1. The claim formulation of the type "In a data processing apparatus ... a security
device..." (claim 1) does not meet the requirement of Article 6 PCT in that it is
unclear whether the claim is directed to the data processing apparatus or merely
to the features relating specifically to the security device.
International application No.: PCT/GB 99/02669

International filing date (day/month/year): 12/08/1999

(Earliest) Priority Date (day/month/year): 20/08/1998

Applicant: COMODO TECHNOLOGY DEVELOPMENT LIMITED et al.



This International Search Report has been prepared by this International Searching Authority and is transmitted to the applicant 
according to Article 18. A copy is being transmitted to the International Bureau. 

This International Search Report consists of a total of 3 sheets. 

[X] It is also accompanied by a copy of each prior art document cited in this report. 



1. Basis of the report

a. With regard to the language, the international search was carried out on the basis of the international application in the
language in which it was filed, unless otherwise indicated under this item.

[ ] the international search was carried out on the basis of a translation of the international application furnished to this
Authority (Rule 23.1(b)).

b. With regard to any nucleotide and/or amino acid sequence disclosed in the international application, the international search
was carried out on the basis of the sequence listing:
[ ] contained in the international application in written form.
[ ] filed together with the international application in computer readable form.
[ ] furnished subsequently to this Authority in written form.
[ ] furnished subsequently to this Authority in computer readable form.
[ ] the statement that the subsequently furnished written sequence listing does not go beyond the disclosure in the
international application as filed has been furnished.
[ ] the statement that the information recorded in computer readable form is identical to the written sequence listing has been
furnished.

2. [ ] Certain claims were found unsearchable (see Box I).
3. [ ] Unity of invention is lacking (see Box II).

4. With regard to the title,

[X] the text is approved as submitted by the applicant.

[ ] the text has been established by this Authority to read as follows:

With regard to the abstract,

[X] the text is approved as submitted by the applicant.

[ ] the text has been established, according to Rule 38.2(b), by this Authority as it appears in Box III. The applicant may,
within one month from the date of mailing of this international search report, submit comments to this Authority.

The figure of the drawings to be published with the abstract is Figure No.

[X] as suggested by the applicant.

[ ] because the applicant failed to suggest a figure.

[ ] because this figure better characterizes the invention.

[ ] None of the figures.
(57) Abstract

The present invention provides in a data processing apparatus comprising a first input channel (4) and a second input channel (10) 
each for inputting signals, a security device (12) for verifying a password, and means (12) for determining whether the password input to 
the security device comes from the second input channel, in which the security device will verify a correct password from the first input 
channel, but not from the second input channel, in which the security device is configured to receive signals from the first input channel 
and configured not to receive signals from the second input channel. A corresponding method is also provided. 
IMPROVEMENTS IN AND RELATING TO DATA PROCESSING APPARATUS
AND VERIFICATION METHODS

Field of the Invention 

The present invention relates to data processing 
apparatus and to verification methods. 
Background to the Invention

Despite the growing proliferation of computer hardware
and software, there are still serious problems associated
with data entry, and with the security of both hardware and
software. Many new problems have arisen and others have
become exacerbated as more and more computers are networked
together and linked to the internet. One particular
problem is that of remote hacking in which an unauthorised
user seeks access to a computer or computer network by
accessing the computer or a computer on the network
otherwise than through a local keyboard or other local
peripheral input device.

The present invention aims to provide in preferred
embodiments thereof, data processing apparatus and
verification methods that address at least one of these
problems.

WO 00/11535    PCT/GB99/02669

Summary of the Invention

According to the present invention in a first aspect,
there is provided in a data processing apparatus comprising
a first input channel and a second input channel each for
inputting signals, a security device for verifying a
password, and means for determining whether the password
input to the security device comes from the second input
channel, in which the security device will verify a correct
password from the first input channel, but not from the
second input channel, in which the security device is
configured to receive signals from the first input channel
and configured not to receive signals from the second input
channel.

In this way, the device determines whether the password
input thereto comes from the second input channel, ie it
physically cannot come from this channel.

Suitably, the device receives signals only from the
first input channel. Suitably, the device cannot receive
signals from the second input channel.

Suitably, the apparatus further comprises means to
determine whether the security device has verified the
password and, if not, to vary operation of the apparatus.
Normally, the variation will be a restriction in operation,
typically it will render the apparatus unusable.

Suitably, the first input channel comprises a first
peripheral input device. Suitably, the first peripheral
input device comprises a keyboard and the security device
is located to receive signals from the keyboard and
transmit them to a keyboard controller or to a bus.
Suitably, the device is located between the keyboard
controller and the keyboard bus. Here, "between" is in the
electronic sense, ie receives output from the keyboard
controller and generates an input for the keyboard bus.
The device thus acts as an interface between the keyboard
controller and the bus.

Suitably, the apparatus further comprises a control
unit (such as a CPU) which interrogates the security device
to determine whether a correct password has been entered.
A password protected operation is performed only if the
control unit receives such verification.

Suitably, the device encrypts all signals it receives.
Suitably, a decryption tool is provided between the output
of the device and the application to which the key presses
comprise instructions.

According to the present invention in a second aspect,
there is provided a method of verifying which of a first
input channel and a second input channel is used in data
processing apparatus, the method comprising the steps of
upon input of a password to the apparatus, a security
device receiving input from the first input channel not
from the second input channel declining password
authorisation, if the input is through the second input
channel, and if the correct password is input through the
first input channel providing a password verification.

Suitably, the method includes the step of determining
whether the security device has verified the password and,
if not, varying the operation of the apparatus. Normally,
the variation will be a restriction in operation.
Typically, it will render the apparatus unusable.
Suitably, a control unit (such as a CPU) interrogates
the security device to determine whether the correct
password has been entered.

Suitably, the method includes the step of receiving
signals only from the first input channel. Suitably, the
data processing apparatus includes a device for receiving
signals. Suitably, the device cannot receive signals from
the second input channel.

Suitably, the first input channel comprises a first
peripheral input device. Suitably, the first peripheral
input device comprises a keyboard and the security device
is located to receive signals from the keyboard and
transmit them to a keyboard controller or to a bus.
Suitably, the device is located between the keyboard
controller and the keyboard bus. Here, "between" is in the
electronic sense, ie receives output from the keyboard
controller and generates an input for the keyboard bus.
The device thus acts as an interface between the keyboard
controller and the bus.

Suitably, the apparatus further comprises a control
unit (such as a CPU) which interrogates the security device
to determine whether a correct password has been entered.
A password protected operation is performed only if the
control unit receives such verification.

Brief Description of the Figure

The present invention will now be described, by way of
example only, with reference to the Figure that follows
which is a schematic illustration of an electronic data
processing apparatus embodying the present invention.

Description of the Preferred Embodiments

In one preferred embodiment of the present invention,
there is provided an electronic data processing apparatus,
typically a personal computer ("PC") 2. The PC 2 receives
input signals from peripheral input devices (eg keyboard,
data socket, pen, voice recognition microphone etc). The
PC includes a keyboard 4 having an associated bus 6 and a
keyboard controller 8 forming a first input channel from
the keyboard 4. The PC 2 also has at least one further
input channel 10 for signals corresponding to those from
the keyboard 4. Typically, this further input channel 10
will comprise a data socket for receipt of digital signals
transmitted from a remote modem (not shown). The PC 2
generally treats signals received via the data socket in
the same way as those received from the keyboard 4, except
as set out below.

A security device 12 is located between the keyboard
controller 8 and the bus 6. That is, the security device
12 is located to receive signals from the first input
channel (the keyboard 4), but not from the further input
channel (the data socket 10). The security device 12 has
the following characteristics.

(i) It includes a fast and reversible
encryption/decryption algorithm such as DES or T-code.

(ii) It has a volatile memory Random Access Memory
(RAM) including authorisation codes or an
algorithm therefor, or pre-stored password and
means for checking whether an input password or
code matches such an authorisation code or
password.

(iii) It includes a real-time clock powered by a power
supply.

The security device 12 is typically embodied in a board
(not shown) including a microprocessor. The board may be
integral to the PC 2 or be a separate plug-in board.

The security device 12 requires a password to be input
to pass keyboard signals to the bus 8. If the password is
not provided on demand (a limited number of tries may be
permitted before a lock-out) the security device 12 will
either block signals or vary them, for instance by
encryption, to be unusable. The security device 12 is
configured so that upon receipt of the correct password it
is activated for a predetermined period of time, according
to the in-built real-time clock. The period of time can be
varied based upon the password or other authorisation
received. While activated, the security device 12
transmits keyboard signals unaltered. When not activated
it is in the encryption state and encrypts signals passing
therethrough (or may block them). Thus, while in the
encryption state the central processing unit ("CPU") of PC
2 cannot understand the output of keyboard 8.

The security device 12 when activated and authorised
receives input signals from the keyboard bus and outputs
them to the keyboard controller. The delay is
insignificant.

In use, the PC 2 is configured to require a password
before permitting access to certain functions or data
(which may be all functions and/or data). By way of
example, a word-processing file may be password protected.
Before permitting access to the file, the PC CPU requires
confirmation from the security device 12 that the correct
password has been entered. Only if the CPU receives
verification from the security device that the correct
password has been entered will it perform the password
protected operation. Since the security device 12 can only
receive inputs from the keyboard, it is not possible to
enter the password from any other source.

In this way, it is possible to verify the physical
presence of a user. If signals are input to the PC via a
modem, for instance from a "hacker", it will not be
received via the keyboard input channel and so the password
cannot be verified. Thus access can be denied to remote
users or additional security measures put in place before
allowing them access.

Typically, data will be encrypted and decryption will
only be permitted upon verification from the security
device 12.

Preferred embodiments of the present invention also
enable a security enhancement to be provided to prevent
"key logging" attacks. This is where a hacker loads a
short application on to a PC to be attacked which
application interrogates the operating system to determine
each keystroke as it is pressed. A record of keystrokes
can be used to inspect confidential information and/or
retrieve passwords.

To prevent this the security device 12 can be set to
encrypt all key presses according to a predetermined
encryption algorithm. An encryption algorithm is used to
ensure that generally a given key press when repeated does
not generate as an output from the security device 12 the
same output. A tool is additionally provided between the
operating system and the application to be controlled by
the key presses to decrypt the encrypted key press data.
Therefore since the key press information available to the
operating system is encrypted it is of no use to a key
logger.
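
The behaviour described above (password accepted only over the keyboard path, time-limited activation by the real-time clock, lock-out after a limited number of tries, interrogation by the CPU, and per-keypress encryption that defeats a key logger) can be modelled in a few lines. This is an added sketch, not part of the patent text; the class and function names, the explicit `now` timestamps and the HMAC-based keystream (a stand-in for the DES or T-code algorithm named in the description) are assumptions of the example.

```python
import hashlib
import hmac

KEYBOARD, DATA_SOCKET = "keyboard", "data_socket"  # channels 4 and 10 in the text


def _pad(key, counter):
    # Stand-in keystream byte (HMAC-SHA256 over a counter); an assumption of
    # this sketch, not the DES or T-code algorithm the description names.
    return hmac.new(key, counter.to_bytes(8, "big"), hashlib.sha256).digest()[0]


class SecurityDevice:
    """Toy model of security device 12; only the keyboard path calls into it."""

    def __init__(self, password, key, active_secs=300, max_tries=3):
        self._password = password.encode()
        self._key = key                  # shared with the decryption tool
        self._active_secs = active_secs  # the "predetermined period of time"
        self._tries_left = max_tries     # tries permitted before lock-out
        self._active_until = 0.0
        self._counter = 0                # repeated keys then encrypt differently
        self.encrypt_all = False         # anti key-logging mode

    def enter_password(self, attempt, now):
        if self._tries_left <= 0:
            return False                 # locked out
        if hmac.compare_digest(attempt.encode(), self._password):
            self._active_until = now + self._active_secs
            return True
        self._tries_left -= 1
        return False

    def is_verified(self, now):
        """Answer given when the control unit (CPU) interrogates the device."""
        return now < self._active_until

    def key_press(self, scancode, now):
        """Return (counter, byte) as forwarded toward the rest of the PC."""
        self._counter += 1
        if self.is_verified(now) and not self.encrypt_all:
            return self._counter, scancode              # passed unaltered
        return self._counter, scancode ^ _pad(self._key, self._counter)


def decryption_tool(key, counter, byte):
    """Sits between the operating system and the application."""
    return byte ^ _pad(key, counter)


class PC:
    def __init__(self, device):
        self.device = device

    def submit_password(self, channel, attempt, now):
        # Data-socket input never reaches the device, so it cannot be verified.
        if channel == KEYBOARD:
            self.device.enter_password(attempt, now)

    def open_protected_file(self, now):
        return "file contents" if self.device.is_verified(now) else None


def demo():
    key = b"constructed-demo-key"                        # constructed sample value
    pc = PC(SecurityDevice("s3cret", key, active_secs=60))
    pc.submit_password(DATA_SOCKET, "s3cret", now=0)     # remote, correct password
    remote = pc.open_protected_file(now=1)
    pc.submit_password(KEYBOARD, "s3cret", now=2)        # local keyboard
    local = pc.open_protected_file(now=3)
    expired = pc.open_protected_file(now=63)
    pc.device.encrypt_all = True
    logged = [pc.device.key_press(0x1E, now=4) for _ in range(16)]
    typed = [decryption_tool(key, c, b) for c, b in logged]
    return remote, local, expired, [b for _, b in logged], typed
```

In `demo()`, `logged` is what a key logger reading from the operating system would see, while `typed` is what the application receives after the decryption tool.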

Although reference is made herein to a "password", that
can comprise any signal or combination of signals and need
not be a "word" at all.

Clearly, in certain embodiments the apparatus may only
verify input from other inputs, usually being peripheral
input devices.

The reader's attention is directed to all papers
and documents which are filed concurrently with or previous
to this specification in connection with this application
and which are open to public inspection with this
specification, and the contents of all such papers and
documents are incorporated herein by reference.

All of the features disclosed in this specification
(including any accompanying claims, abstract and drawings),
and/or all of the steps of any method or process so
disclosed, may be combined in any combination, except
combinations where at least some of such features and/or
steps are mutually exclusive.

Each feature disclosed in this specification (including
any accompanying claims, abstract and drawings), may be
replaced by alternative features serving the same,
equivalent or similar purpose, unless expressly stated
otherwise. Thus, unless expressly stated otherwise, each
feature disclosed is one example only of a generic series
of equivalent or similar features.

The invention is not restricted to the details of the
foregoing embodiment(s). The invention extends to any
novel one, or any novel combination, of the features
disclosed in this specification (including any accompanying
claims, abstract and drawings), or to any novel one, or any
novel combination, of the steps of any method or process so
disclosed.
1. In a data processing apparatus comprising a first input
channel and a second input channel each for inputting
signals, a security device for verifying a password, and
means for determining whether the password input to the
security device comes from the second input channel, in
which the security device will verify a correct password
from the first input channel, but not from the second input
channel, in which the security device is configured to
receive signals from the first input channel and configured
not to receive signals from the second input channel.

2. A data processing apparatus according to claim 1, in
which the device receives signals only from the first input
channel.

3. A data processing apparatus according to claim 1 or
claim 2, in which the device cannot receive signals from
the second input channel.

4. A data processing apparatus according to any preceding
claim, in which the apparatus further comprises means to
determine whether the security device has verified the
password and, if not, to vary operation of the apparatus.

5. A data processing apparatus according to any preceding
claim, in which the first input channel comprises a first
peripheral input device.

6. A data processing apparatus according to claim 5, in
which the first peripheral input device comprises a
keyboard and the security device is located to receive
signals from the keyboard and transmit them to a keyboard
controller or to a bus.

7. A data processing apparatus according to claim 5 or
claim 6, in which the device is located between the
keyboard controller and the keyboard bus.

8. A data processing apparatus according to any preceding
claim, in which the apparatus further comprises a control
unit (such as a CPU) which interrogates the security device
to determine whether a correct password has been entered.

9. A data processing apparatus according to any preceding
claim, in which the device encrypts all signals it
receives.

10. A data processing apparatus according to claim 9, in
which a decryption tool is provided between the output of
the device and the application to which the key presses
comprise instructions.

11. A method of verifying which of a first input channel
and a second input channel is used in data processing
apparatus, the method comprising the steps of upon input of
a password to the apparatus, a security device receiving
input from the first input channel not from the second
input channel declining password authorisation, if the
input is through the second input channel, and if the
correct password is input through the first input channel
providing a password verification.

12. A method according to claim 11, in which the method
includes the step of determining whether the security
device has verified the password and, if not, varying the
operation of the apparatus.

13. A method according to claim 12, in which a control unit
(such as a CPU) interrogates the security device to
determine whether the correct password has been entered.

14. A method according to any one of claims 11 to 13, in
which the method includes the step of receiving signals
only from the first input channel.

15. A method according to claim 14, in which the data
processing apparatus includes a device for receiving
signals.

16. A method according to claim 14 or claim 15, in which
the device cannot receive signals from the second input
channel.

17. A method according to any one of claims 11 to 16, in
which the first input channel comprises a first peripheral
input device.

18. A method according to claim 17, in which the first
peripheral input device comprises a keyboard and the
security device is located to receive signals from the
keyboard and transmit them to a keyboard controller or to a
bus.

19. A method according to claim 17 or claim 18, in which
the device is located between the keyboard controller and
the keyboard bus.

20. A method according to any one of claims 11 to 19, in
which the apparatus further comprises a control unit (such
as a CPU) which interrogates the security device to
determine whether a correct password has been entered.